As an example, the most known banking institutions in Thailand are the following ones:
|➤ Siam Commercial Bank|
|➤ Kasikorn Bank|
|➤ Bangkok Bank|
|➤ Bang Krung thai|
In addition, internet banking was first introduced in 1999 by Siam Commercial Bank (SCB) in Thailand. Now, the majority of commercial banks have their own websites offering online banking services.
In Thailand, banks and all banking services, including internet banking, are supervised by Bank of Thailand (BOT). Indeed, the Bank of Thailand Act has given the BOT the responsibility for all central banking functions. The BOT is therefore responsible for supervising, reviewing and analyzing the financial status and performance as well as the risk management systems of financial institutions. In general, the BOT is responsible for creating the necessary framework and environment to meet the needs of the banking, commercial and financial sectors.
In terms of the digitalization of the banking sector, the BOT aims to increase the reliability and viability of digital transactions while reducing the risks associated with transactions.
The laws and regulations for internet banking services in Thailand are as follows:
|➤ Financial Institution Business Act B.E. 2551 (2008)|
|➤ Electronic Transactions Act B.E 2562 (2019)|
|➤ Payment System Act B. E. 2560 ( 2017)|
|➤ Personal Data Protection Act B.E 2562 (2019)|
|➤ Regulation of the Bank for International Settlements (BIS)|
The purpose of these acts is to strengthen the credibility of electronic transactions, to prevent any risk and to obtain international recognition.
In order to ensure the viability and stability of banking services, Thai banking institutions must meet multiple requirements and comply with numerous regulations.
Regulated financial institutions in Thailand require a specific license in order to pursue the following activities:
|➤ Commercial banking activities|
|➤ Finance activities|
|➤ Land finance activities|
The activities covered by the commercial banks, are the activities necessary for the exercise of commercial banking activities and accessory activities. We can mention the following activities:
|➤ Electronic money services|
|➤ Securities activities (except for shares)|
|➤ Fiduciary activities|
|➤ Purchase and sale of currency|
|➤ Insurance brokerage activities|
|➤ Cash management|
|➤ IT services related to the support of digital banking services|
In addition, commercial banks must also manage risk, system and data protection, to comply with laws, international standards and rules regarding consumer legal protections. Thus, the following entities are allowed to undertake commercial banking activities, subject to obtaining a specific license:
|➤ Limited company|
|➤ Retail bank|
|➤ Subsidiary of a foreign commercial bank|
|➤ Branch of a foreign commercial bank|
In general, to undertake a commercial banking activity, it is necessary to obtain the approval of the Minister by means of a license application to the BOT. However, it is important to note that licenses and requirements vary depending on the type of commercial bank.
The business activities of foreign entities in Thailand are subject to strict controls. Under the Foreign Business Act (FBA) of 1999, foreigners seeking to start a financial technology business in Thailand must apply for a foreign business license from the Ministry of Business Development.
In addition, Fin Tech digital services companies will then be eligible for tax benefits, including corporate income tax exemption and other non-tax incentives.
Internet banking services, including e-payment, are also subject to obtaining a so-called “e-payment” license. Obtaining an e-payment license takes place in five steps.
In the first step, it will be necessary to evaluate if your company requires and is eligible. As an example, we can mention the services eligible for this license:
|➤ Inter-institutional money transfer system service|
|➤ Payment card network service|
|➤ Settlement System Service|
|➤ Provision of a credit, debit or ATM card service|
|➤ Provision of electronic money service|
|➤ Provision of an electronic payment receipt service|
|➤ Provision of an electronic money transfer service|
|➤ Provision of an electronic money service|
The third step is to prepare the documents for the license application and submit them to the OFT for a preliminary review. You should have a good understanding of the regulations of the Payment Systems Act BE 2560 (2017) and other relevant regulations/laws and then prepare the documents
Once the confirmation from the BOT is obtained, the BOT reviews the application. Then in the second step, the Ministry of Finance will consider issuing the license. Finally, you will be able to collect your license after being notified by the BOT.
Sanctions may be applied in case of violation of the regulations. The penalties depend on the provision that has been violated. The law provides for criminal provisions against any person, financial institution and/or director, manager or person with the power to manage such financial institution. For example, any commercial, merchant or land bank conducting business without prior authorization is punishable by imprisonment of two to ten years and a fine of two hundred thousand baht to one million baht. Other penalties are put in place for violating the provision of the law.
As of June 26, 2020, non-banned fintech and digital currency operators can apply for an e-money license from the BOT, allowing them to issue e-money in foreign currencies for customers to pay for cross-border goods and services. Any non-bank operator wishing to apply for an FX e-money license must be a Thai entity with a minimum registered paid-up capital of one hundred million baht and must have an e-money service business license as previously stated.
The extent of obligations and rights between banks and their customers are regulated by the terms and conditions for the use of internet banking services available on the websites of banks and accepted when customers open a bank account. These contain the conditions of use of digital services, which may differ from one bank to another.
In general, the main ideas contained in the terms and conditions are the obligations of the parties and the clause on liability and its limitations. The latter should be carefully studied as it is considered one of the key legal issues and plays an important role in the evaluation of digital banking services.
Generally speaking, users will have to keep their banking information confidential, ensure the accuracy of transactions and immediately inform the bank when errors occur.
As for banks, they are required to install and maintain a reliable system to secure transactions made via the Internet, prevent unauthorized access to available banking services and keep customers informed about the security system.
As previously mentioned, the issue of accountability is of paramount value. Indeed, it allows to reinforce the confidence of the customers and encourages them to switch to a digital system of banking services in which the bank can be held liable. Thus, the issue of liability for internet banking is based on the terms and conditions that explicitly frame the regime.
In general, liability issues arising from internet banking are generally classified into three categories:
|➤ Human error|
|➤ Technical malfunction or system failure|
In the case of a breach, liability may either involve the payment of damages or injunctions through a court order.
The Personal Data Protection Act 2019 is a principle-based regime for the processing and legal protections of personal data in Thailand.
The PDPA includes provisions on the establishment of the Personal Data Protection Committee to enforce the law and issue guidelines as well as provisions on data legal protections, data owners’ rights and penalties.
The PDPA was inspired by various concepts from the EU General Data Protection Regulation (GDPR) but is also based on concepts developed from a Thai perspective. The PDPA applies to operators who process personal data and operators abroad who process personal data of individuals in Thailand. Companies will need to consolidate their customer data management policies and practices as the PDPA classifies customer data processing into three categories:
|➤ Collection of personal data|
|➤ Data Use|
|➤ Data Disclosure|
In addition, the applicability of the PDPA is extraterritorial, which means that data processors and managers based in and outside Thailand could be subject to this law, affecting many global and regional banks and other financial institutions.
The penalties that apply for failure to comply with data privacy laws are either criminal or administrative in nature. Indeed, the PDPA includes monetary penalties for non-compliance. These include fines of up to five million baths for non-compliance, imprisonment of up to one year or fines of up to one million baths for criminal penalties, and punitive damages of up to two times the amount of actual damages. In addition, Thailand now allows individuals harmed by poor data legal protections to bring class actions, thereby multiplying the civil damages awarded under the PDPA.
In conclusion, the banking sector in Thailand is rich in regulations. It is therefore important to consult a legal expert in this field to guide you in your operations.